all InfoSec news
CVE-2023-32670 (buddyboss)
Oct. 3, 2023, 1:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
in BuddyBoss 2.2.9 version
, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
attacker basic cross-site cve image javascript jpg local malicious name parameter payload persistent privileges scripting version vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Senior Software Engineer, Security
@ Niantic | Zürich, Switzerland
Consultant expert en sécurité des systèmes industriels (H/F)
@ Devoteam | Levallois-Perret, France
Cybersecurity Analyst
@ Bally's | Providence, Rhode Island, United States
Digital Trust Cyber Defense Executive
@ KPMG India | Gurgaon, Haryana, India
Program Manager - Cybersecurity Assessment Services
@ TestPros | Remote (and DMV), DC